By now, you have no doubt heard of artificial intelligence (AI). It offers seemingly countless opportunities for businesses to operate more efficiently and increase their revenue, and because of this, many businesses, in the tech industry and beyond, are rushing to develop their own models. This massive demand and sense of urgency have led to an equally large investment of time and money. But the lack of general regulation and guardrails around the use of AI may prove costly (and has already proven costly) to companies that do not invest a bit more to self-regulate based on the laws that already apply to the core workings of AI, such as privacy and intellectual property laws.
In this first installment, we’ll look at best practices companies can follow when developing their AI models to better future-proof them against data privacy concerns and avoid having to re-engineer a model or, worse yet, start over. By taking these steps early, developers can keep their models running, and generating revenue, for longer.
Before any AI training can begin, a certain amount of development has to take place, and it is here that companies should take a bit more time, and invest a bit more money, to consider the general trend in privacy laws (following in the footsteps of the EU’s General Data Protection Regulation and the California Consumer Privacy Act) as well as the few AI-specific laws that do exist (e.g., the EU AI Act).
The privacy laws, by and large, offer individuals the same core set of rights: the right to request deletion, the right to correct data, and the right to be free from decisions based solely on automated processing (where those decisions produce legal or similarly significant effects), with this last right being the one most directly aimed at artificial intelligence. Alongside the right of deletion, there is also an overarching principle that data should not be retained longer than is necessary for the purpose for which it was provided. Of course, as with most rules, there are exceptions, but AI developers should work to build into their models the ability to remove someone’s data upon request, to update or correct that data, and to sunset the data used to train the model. Developers should also build in human oversight of the model’s logic, both to guard against biased training data and to ensure that individuals can contest automated decisions in a meaningful way. A rough sketch of what this could look like in practice follows below.
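To make this concrete, here is a minimal sketch, in Python, of how a developer might track training data per individual so that deletion, correction, and sunsetting requests can actually be honored. The class names, fields, and one-year retention window are illustrative assumptions, not a prescribed implementation:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical sketch: a registry that tracks which training records belong to
# which individual, so deletion, correction, and retention limits can be honored.
# Names and the retention period are illustrative, not prescriptive.

@dataclass
class TrainingRecord:
    subject_id: str          # pseudonymous identifier for the individual
    data: dict               # the personal data used for training
    collected_at: datetime = field(default_factory=datetime.utcnow)

class TrainingDataRegistry:
    def __init__(self, retention_days: int = 365):
        self.retention = timedelta(days=retention_days)
        self.records: dict[str, list[TrainingRecord]] = {}

    def add(self, record: TrainingRecord) -> None:
        self.records.setdefault(record.subject_id, []).append(record)

    def delete_subject(self, subject_id: str) -> int:
        """Right to deletion: drop every record tied to this individual."""
        removed = self.records.pop(subject_id, [])
        return len(removed)

    def correct_subject(self, subject_id: str, updates: dict) -> None:
        """Right to correction: overwrite stale fields for this individual."""
        for record in self.records.get(subject_id, []):
            record.data.update(updates)

    def sunset_expired(self, now: datetime | None = None) -> int:
        """Retention limit: purge records older than the retention window."""
        now = now or datetime.utcnow()
        removed = 0
        for subject_id, recs in list(self.records.items()):
            kept = [r for r in recs if now - r.collected_at < self.retention]
            removed += len(recs) - len(kept)
            if kept:
                self.records[subject_id] = kept
            else:
                del self.records[subject_id]
        return removed
```

Note that deleting records from a registry like this does not, on its own, remove the influence of that data from a model that has already been trained; a real pipeline would also need a plan for retraining or unlearning after deletions.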
How companies go about doing this will depend largely on their resources, infrastructure and the nature of their model.
While there aren’t many AI laws in effect at the moment (owing to the relative novelty of the technology), the EU AI Act (the ‘Act’) will likely soon be in effect (see here for more information on the Act), and if the progression of AI regulation mimics the progression of privacy laws at all, analogous laws will be passed in the U.S. that closely resemble the Act. There are certain uses of AI that the Act bans outright, such as social scoring, behavioral manipulation, untargeted scraping of facial images, predictive policing, and real-time remote biometric identification in public spaces for law enforcement. For uses that are not banned, some of the key requirements the Act places on AI models are ensuring the use of representative training data (to avoid bias), providing transparency as to the logic being used, having mechanisms in place to ensure that the data and output are accurate, and ensuring human oversight at all stages; a minimal sketch of such an oversight gate follows below.
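As an illustration of the human-oversight requirement, here is a minimal Python sketch, assuming a hypothetical `Decision` record and an arbitrary 0.8 confidence threshold, of a gate that routes any contested, low-confidence, or legally significant decision to a human reviewer rather than letting the model decide alone:

```python
from dataclasses import dataclass
from typing import Callable

# Hypothetical sketch of a human-oversight gate: the model only recommends, and
# any decision with significant effects (or one the individual contests) is
# routed to a human reviewer before it becomes final. All names are illustrative.

@dataclass
class Decision:
    subject_id: str
    model_output: str          # e.g. "approve" / "deny"
    confidence: float
    significant_effect: bool   # would this produce legal or similar effects?
    contested: bool = False

def finalize(decision: Decision, human_review: Callable[[Decision], str]) -> str:
    """Return the final outcome, escalating to a human where required."""
    needs_human = (
        decision.significant_effect    # decisions with legal or similar effects,
        or decision.contested          # decisions the individual has contested,
        or decision.confidence < 0.8   # or low-confidence model outputs
    )
    if needs_human:
        return human_review(decision)  # a person makes (or confirms) the call
    return decision.model_output
```

The point is simply that the model output becomes a recommendation, and a person remains accountable for the decisions that matter most.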
In sum, by being able to remove data, ensure its accuracy, explain how the model works, and involve human oversight, both to help individuals and to ensure good data goes in and good results come out, AI developers will be able to drive and compound their revenue by keeping their models up and running longer, while their competitors have to stop, tear down, and rebuild theirs. For reference, ChatGPT was banned outright in Italy for several weeks over precisely these kinds of data protection concerns.